# helm -n kube-system upgrade --version 1.14.7 --values ~/.local/share/chezmoi/infrastructure/base/cilium/values.yaml cilium cilium/cilium

cni:
  # https://github.com/cilium/cilium/pull/14192/files
  # make Cilium's CNI conf the only one available by aanm · Pull Request
  # #14192 · cilium/cilium
  #
  # Make Cilium take ownership over the `/etc/cni/net.d` directory on the
  # node, renaming all non-Cilium CNI configurations to
  # `*.cilium_bak`. This ensures no Pods can be scheduled using other CNI
  # plugins during Cilium agent downtime.
  #
  # Do not rename 00-multus.conf to 00-multus.conf.cilium_bak file in
  # /etc/cni/net.d directory.
  exclusive: false

# -- Configure prometheus metrics on the configured port at /metrics
prometheus:
  enabled: true

operator:
  replicas: 1
  prometheus:
    enabled: true

hubble:
  relay:
    enabled: true
    prometheus:
      enabled: true
  ui:
    enabled: true

kubeProxyReplacement: "true"

# localRedirectPolicy: true

bpf:
  # -- Enable native IP masquerade support in eBPF
  masquerade: true

  # -- Configure explicitly allowed VLAN id's for bpf logic bypass.
  # [0] will allow all VLAN id's without any filtering.
  vlanBypass: [0]

  # -- Allow cluster external access to ClusterIP services.
  #
  # Required for access to Kubernetes ClusterIP services from Kubevirt virtual
  # machines with interface type masquerade.
  lbExternalClusterIP: true

ipam:
  mode: "kubernetes"

# -- Configure socket LB
socketLB:
  # -- Enable socket LB
  enabled: true

  # -- Disable socket lb for non-root ns. This is used to enable Istio routing rules.
  hostNamespaceOnly: true

loadBalancer:
  mode: hybrid
  # serviceTopology: true

ipv4NativeRoutingCIDR: 10.0.0.0/9

tunnelProtocol: ""
routingMode: native

k8sClientRateLimit: {}

cgroup:
  autoMount:
    enabled: false
  hostRoot: /sys/fs/cgroup

# -- Configure external workloads support
externalWorkloads:
  # -- Enable support for external workloads, such as VMs (false by default).
  #
  # Required for cluster-mesh.
  enabled: true
